Malware Analysis Report

2024-12-07 10:04

Sample ID 241114-ctzqdstblg
Target 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
SHA256 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27
Tags
credential_access discovery ransomware spyware stealer
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery ransomware spyware stealer

Renames multiple (7725) files with added filename extension

Renames multiple (8552) files with added filename extension

Reads user/profile data of web browsers

Credentials from Password Stores: Windows Credential Manager

Drops startup file

Drops desktop.ini file(s)

Drops file in Program Files directory

Unsigned PE

Browser Information Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:22

Reported

2024-11-14 02:25

Platform

win7-20240708-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Signatures

Renames multiple (8552) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt
Process: C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Drops file in Program Files directory

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Network

N/A

Files

SHA256 10ce4e20c9dc1d3c70ae010ba51c0036febd536e93c3dee47a11bd6e32023a2f
SHA512 0011db788acb66bbab95724d0b6b25610009122586a8bac468c466a7c5fd1c1553630cc282498a4f50859b290f6967b8125638bfa8e204768d6498890e12c566

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ISO690.XSL

MD5 7ee5ac959a757ab61801809efcc9b8ac
SHA1 5b8c8dc3a82059c302d789be6c28118590edfcca
SHA256 8f6eecac130abbb343b23b78c6feeb7a6fa05a6a1cb4496c2d668ddd27b97605
SHA512 865a3a53d218af3392d6df7b831951e838dea08dc2efb49f3146f4a2d9c27e552c56ba94ed3b5bf266a76ad941b180d3577db1c490204f45b3a7a834079794ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_ON.GIF

MD5 b5f175f3cd11b5867d6fb4c623006070
SHA1 40564d7ce8d4f32e6b2b1b7b8b732374c4e0c85c
SHA256 1009819c2af86a8694dd2ec97d61966a8dc75c9baae5d8d8c2b9e2c2681fd919
SHA512 562ec3b22fa45961308792a294cc4dea92f3f3a853b1f77ffe43867b5756d56a8fc7d8ecdd164e985bf4cfe9d1004aef67d425bd37a2c0431a0ba20ef033d214

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF

MD5 58c837aae67287c89c2d591e773af9bc
SHA1 3076b39ddbadac0e6c2ffbb921902ecae0bbd8ea
SHA256 e3cd6ce5f68b6725602536e502e3ba2256aa29fc7960b831996479fea127beed
SHA512 dcb45b6379ee4568584a416f6b1b00a7da2c423e57a8b9e7591443152a87ddf8eefc816b52b6f1e6a1b7279c38918ce0ae9549ca65ffbf411369c56a61e460c9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF

MD5 116f0c407356be256c25ba9d55d52264
SHA1 06c330efe6ed1689fe17de3d0de0eff5e215d413
SHA256 0a495248256e3a735f008a207c89c7b22c7ab1b5b3fbf240f7ffc0a41285f789
SHA512 47423440c97f53b5afd23ca0d4210c05bc01209397b7326bff133504fec6eae75b03e9e58cad35b96a126a6f7a8a49cd3548c6671ab3aa86c0ec4114d59b28f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF

MD5 42cc7c90b4153a2dd47d6ee40af149f4
SHA1 82599154b09fdb90b1372ad412e09e3bcc0fe945
SHA256 1a4c3cac1a84a92a3c349b3c2925ec5df6bf0403e5fae14b38ba0250cb3a2d08
SHA512 c1522b88759f0ac3c0c90948dade941cc71dd2e1739234a3fc8aca9859a928413c235c2e7a5e52d80c2ae22aaa9ce25700a52cdcebecc3103065249c7e2b48e8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF

MD5 81c7df17dbeb1221b733965ffed22429
SHA1 38681e7e9aa093fc1d5257bad487d5d445be9a7e
SHA256 11650d927ec5d20cc2b330df1e584ec426a5a33cfb304f7b24a5f3222d28ea38
SHA512 0a88d8d2e2caf0251902eaa5ed4df73fa570c9615103b3441d78516ebe5c80fee40160a430ad004d488b4f591f476d5b648022728b86cd969e14c02663de2f26

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 23c2bf91ec191f8c94838092c719d6bc
SHA1 2e76bbd74b26dc387825dbae344b624d07661877
SHA256 f1bdfc76c2d78c33ca262559f833f9ec41fb00e7a126dd3459b66e2fd44a48bf
SHA512 3be393a6b29f823fc59415cb235856e506dae33c2f43ce815bd28ffcc33b8e71584059c883f7723f48726f63ca3692d0d6027f14261346f4706559de2c36adaa

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.HK.XML

MD5 984a94b643f9a5da36605bcff153a7af
SHA1 9e4e74496354d4adf2105103d6aa9c98006d5b67
SHA256 63cefe1b6275e14623f3466444129157641707858c2f688312051a9b79ddd691
SHA512 b43f24157391f1da5334850ceb15739ab09b1562c8574c044a4e3aa609e861c9b4358686f9d55463c9abbfea861dd498119af8e7436edaadfb44b81c98f4cef4

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 34cabe83f60bf35eeedda3538aee348a
SHA1 debe8adc8ba69eb2c3f02651df59ea9bef116b31
SHA256 1cb88d4e6ebbd7cbf0e6176c68478c673361068c60b9de19c90bb64b3d14fa18
SHA512 dd9a752eb7d684c8dd196ff72ff424fcfcb5b881902bdba8027ade4bb4846b09c5252e4e1f1c293b01a37ef5c7c383e5d6f94ae1c0773b242608d39027f21957

memory/2280-16181-0x000000013F970000-0x000000013FA64000-memory.dmp

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

MD5 588f28321b6690f3e25dc8dac7e147a2
SHA1 22ccfa0a8abf3bd8167d600830d18ed11f45e1ea
SHA256 a25ee497ad8b4a3717220146402efcf291bc7d8e8ca888754dc6deeb059d590c
SHA512 92d1870b84d547db7648c96e04599bc53c3a4e268fd6f21892e34b6241497e2ba9fded6501e96303ca4e329db1582299c1734f024cf3fc85c76b799b258ecad1

C:\ProgramData\Microsoft Help\Hx_1033_MValidator.Lck

MD5 7ecda8fd547574d0d2c785a329c1abbc
SHA1 cb3a5503ca258749d8df299b7386efcb7b743618
SHA256 c0d11b4750796607669e74f4229f80a4128c30edcc33781150ad25db38ceafc1
SHA512 a7c15a38875cadadadbf671a555eceaf4daa76b13746a2e5ffc8fe34c0a9ee0abd42cb9109b2be045d81a49051f0d144897d3efbeead7feced98dd54d330c47e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 410814158590af1bac5bcbb8dbd96084
SHA1 25c3917dfd962d651bd3efec457645f79a8adc26
SHA256 cf2c69fb54e8db145167224a12d1e61ee50138f03d0cad278ad37445fb5a211f
SHA512 522606dc47f887a94b57b6fe6e5fde4fcd5a63783e11e9bb4080cc38e4fb3232542379c737597366e28c4cebabd67b3b97173f7ea59b7cec4463d3b3990ddb6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

MD5 650c4231e53b6d971ace58dd4ae83569
SHA1 b8bec6004f98f91f50cd85bf44569912eace5103
SHA256 784120615a8b60802e911d4835804d397bbe95935be28e6fecc2feafd13f7508
SHA512 a15c3deb22704d9d62801ca01f6f660c9ef97b226a342543a21664ecb4e00dc604e895ab5174f82edf15d77121c651445ec8e9c270245ae9cf101bb7f478ccc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 017199de85c3500a2d05ad7bfe66c8dc
SHA1 5bea863e13f1be858a4db87f4984ad9d219512dd
SHA256 c7d9b388136194a86c5f8dc9c7d06eb92307494e6a4a591a87feb89dcef4af13
SHA512 537f5ecc84bcc313190e1ce50d3ef9dd4e3d81cd4f2e6c51a4a4322ef4ba3ebf770c99d1727bd54c5e70526ff2f1cbd1624dad59c26209bc14b5922f41cb9d98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 66ed5310073067cba3535f0d99fceabb
SHA1 daa5111e8c8186641a502486dc54f7cae44a6926
SHA256 fb0159b2be7a6cbe7f163566e850ee7600fdd06eed10e261e84d792e1ccec3a5
SHA512 9ed544928f2820da03b3812f950e779975fc061a4e8f0e46c4155e4ed9f09f8ef0e6b5b9bdad1faa1a3638bbfbfef0f80b095cafe8276257a06507a9fd38d938

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 f83b4a14897d7c792fbc1816e75817ce
SHA1 a8210f5f87f3423dbe32e4c8f6c9dab24afb1a4f
SHA256 71bd887b9af5fed074107c3af487c04f19a342c7017b1e20bfc343c2c5eb3307
SHA512 672c677ab388e17dc10c269a99cf397f5524ca0206f3b131d9f51a686692d1a4b016936e8a50841664d0ab2d07f2a46dc0290fba2d1c9efec5dbb66241d39411

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

MD5 21554c530e946cd06c9ee48591649bae
SHA1 3837d2492418cac2aeb04895c5a1d10d5732ed83
SHA256 a553a85f6928a1b093dbf37550ae767e9b9368b998d9ed7e270f6cacde062a95
SHA512 8d455299fb637d0576852f33f41d36727d3c07b09e92c595ba423bcb38b893cccd821caa4281fd0ea6105fe9fe73e1a187149ae0e70efb939357ce88d3289c68

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini

MD5 675578a796217c287c3f9b8c09b5829d
SHA1 e091848276ca9390daa8d04f3e099931b7f7c64b
SHA256 e3a034da0a1026f64cb302a87cb74246a0c92b90c847585bf23be29d2301aa08
SHA512 9bf74fe758e5b847f341a95b405227c12c642089f8aa9e57552613aeea9f1a8f6c65d26d41fae10bbeb4183372ceab07aae5921562c8d6a48d1be208335cae64

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 47c7349f468ebee90c048ffb9e203be5
SHA1 df28b06e837839247c05efe3d156f1fc58fe47e9
SHA256 8d5282c19eea8d9a541cec1a6fa1284bdda2d61d845fec92317d713a3ee2a095
SHA512 c9215c90c0b2dd2f2f1c0e37b40447ac79825924eb82e4cf82a858d5cf2a2a6c20097e7a5188914a3d7104b1c3f5564bf4d18c05ff176fe3cb3596539a788ba7

memory/2280-18859-0x000000013F970000-0x000000013FA64000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:22

Reported

2024-11-14 02:25

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Signatures

Renames multiple (7725) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Common Files\Java\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\System\MSCOMCTL.OCX C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OART.DLL C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main.css C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in.png C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\lib\orb.idl C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\es-ES\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\applet\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\net.properties C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\ui-strings.js C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_pl_135x40.svg C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\it-it\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado21.tlb C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_k_col.hxk C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\ui-strings.js C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\kn.pak C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\joni.md C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files


MD5 19e24c973d7323041ea4f25121627038
SHA1 a1b0d6c09d079fdbb4813284b48e4a7a7b6fb4ee
SHA256 dc3d4b65ded74faf02257ce321bf6cef1af7784d71b714df57af3ae937b2f1c9
SHA512 ff20c168840bbf0810e78e73aab49fdea6b781af23a3820fbea587220f6a5d9590256afabb91609e46a6376c958b59c383c46a36a0ed4ba7dded2d3fa80d6143

C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo

MD5 e3c0943208f8535312d462f9d102787f
SHA1 84a35a7b90bed2abf02de5870b16458c33adc6c5
SHA256 85d23e2e3665ac8ebb4466b895e47b61080751994ad84984a652d99ddd2b4ea1
SHA512 8de0688ecb9a50bd9805f3243a4bdaaca70edbbd943fab0d964145df29c5c62569ed9ae2ae611cd9038e7faba7ec00dc827c9b05dcc03d80e7dfc81cb7c91bca

memory/4768-11257-0x00007FF747F10000-0x00007FF748004000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 dd7e3fbcb500edccc93c75d753705f80
SHA1 57a9a43221586024cad948636124056ee14c8de6
SHA256 973651a7b51a9f1a4c9b55360c087cbc10e528cdde15764bec56d3dde282aed8
SHA512 7839da427c9e2a9b5a1c748fade1b8a7e70f9f0d5aaa8ef10d7bc87cc7ae1becc33604a74ed038e6d8f266a07f4e806d43663a20ec4b68f7062e0f49024b1a76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg

MD5 bb7a46ddd9828aeea9d780fbcbac4cc5
SHA1 1e0f456e8b825331a551d0350918abe2d6db7c07
SHA256 4c32bcbea9f0741c1a43de6e6eaa2b33c0723dd45f191fa09250e8b1fa5a1200
SHA512 8d55677b68ae3562e457a864ffea128a14c406aaf89740e1b4393619b6cd78965735d15f99ac445582b12099ea1d047f65cdd6366a667cf3e32538f148ab4117

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

MD5 c4c680b7ab35b92ee776ef6c04b1dcbd
SHA1 32a79677e4214d9817eb73784fb709a4d4a6a87e
SHA256 b452c8d2289d2cda8ce9ea62a35a7c2cf1b089087e55f919e1326b921b263e32
SHA512 8f394b551f813671e85112181c8623297fe89c49807057d97b754a1307e137b3174ab621c25ef0473e40d9f3a247e29c8be6c237dc871a0d8c489967dcf3d988

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 a2bceb9ebc104dcb4a7490edc2e64572
SHA1 82c63d92356fe2217481f7fc8e443f7d89e84274
SHA256 a92849b5ab0c9f485d3e9eee3c26abc279a88e4aa07d59fbd3e41c2d771a902d
SHA512 0b8454800ecbcefdfa88e607938a0b17ec65e299ed9f76df1929f222fd5b226e1fee9ddea9e90d73b410b76d78a9d104cfc958c9f853dd52493d6a6f14d246a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js

MD5 13113d82ddbdcfbe2cd0c10036f7e8e8
SHA1 eba1a55b012c2942e679878e9d7678d20d862c4d
SHA256 17ef68354a307bfc6b34a87f9a326a589af3fee69c9b56af810a23dbf7b01af5
SHA512 32cc38015a68b84f448e88f88d66981ca537f02a1d416639edafc364624fc86180a2c844f5a6ba31546fb6c247ff3ff4f34fe08fb2abc7d5e70b9fc47c7c09f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

MD5 c548bc67532fcc51ff4df11efe84c87f
SHA1 8f52473a2c7fe5ef6f29668f965242fd51d84a45
SHA256 fd1a9cf8bd6031201632fe078de749710d8891b0f5d1e8066afa55618bb975a8
SHA512 d652e5468f3c2fe4c2644c87926e3896d064b4ca24dd681ffc564ff0d14f307273a2880358c3bd811438ed83a5998113f475259bac9b6be779ec58ed3a73294a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 09c5ba5222974170124c6e2095e55c7c
SHA1 29ae72ff5e0e52e620e713b6b22c729570f32be3
SHA256 4e31c88ca5a8cb4ea31f606d3379b2fb233debdf7361ceb32f85aa56090b0740
SHA512 9f7c1c62bc19f51880e311ed40a36ea91c1dd207c8375a9b8a2a440f67ca4a26df83c603e1d02529d7fc2f84640501150488330131a12a38c2d511970545f652

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\ui-strings.js

MD5 fbbb4bc290b075f05d7c766679ef1a37
SHA1 26c901b79411be743e4098cbc10c216259298023
SHA256 3093c9993b8ac4d779d8926141d4de8ba21bfd7fe11d36c6d10b0660c190c0d1
SHA512 1e7d66f3a3f38c8bb283e5412d307f64fea9958ea2d22215f8148e3b0c178a5b15398ca607e17b72915ac55a55a885f1a38be0707f394ddaf2b7b349ad6ea0f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js

MD5 dea7c0da6c121562f6146255c1cb523c
SHA1 07d40b41fc7a8146e872f54dee3ac0b90b46ccfb
SHA256 d75f06957f180350fb0da00fe145d4b7f024f52bda5631dc30c8c12bf3c4cff0
SHA512 31c1cea22bc77004d9b788df61a8708d3bbd7b701672171c7d0579cd7cd1d8ad2fedbc9733fc9da12839d5c29400c44cccecf65dc4291bd436808ef421f43339

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-selector.js.NBA

MD5 6cd2360dabb5c961e69c87132e87cdb9
SHA1 a4106cc506dc28d0a2a7b3be47fa55f27be60a52
SHA256 371ef576f0989b7fbb7c8b4692c7d81abcad7b2a213b22ab6f4a5fcd46a3bcef
SHA512 eb85bb043eac56ff47b0471ca7a79054620c40c9f443a54358e7cfe1f69dbae76189a6e29cec39c385f29e978e85d4cee41ea29109ca2374e96c47f03e1cc80d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\ui-strings.js

MD5 0c0cfc28fa250caf0f2ca720f5e97766
SHA1 f4bbdaecb6453f6d6b917d23842d9ae6e8e9621e
SHA256 b2c2b1d97c1d8c2aa4b494df81c6b95d3016cdd5a925fe203c224788c3b97191
SHA512 5d7af28006e89f205e3e0b16999b3cb2dd83306294d859e9c7537878ef58320412898afbc1be70b23a922738c05f3072f06c4cc7c8cf1ab10d55de1de0e3dbb6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 a74cad76ee69735a3cf24d94f7e67fa5
SHA1 9fb9397e87dc079dcc602cadf4581d90e294a1d8
SHA256 c3a3bbbab2e28deec728ce279e144ed54dda64a53190a116b3eba770ee323f7e
SHA512 128c5b8b0f4063e81022b20102428e7cf440b223c8da6dfe15c3f78dd9f14e71eff8d7a47ba1bf1e31b34fe57711e87730426457ccd250f9e1922fa9f027ed14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 55e07c8789ef19b337e30bd9a1c1c59c
SHA1 620d36947456c7e3a03baf0a6ba8477f92bbc02b
SHA256 3ac5f3f0438a74014d0acf0caf9eceeda991cacd0d5a7e75f7df71a5c0ae8be6
SHA512 90c67ce2b85a370113fdf0f183a8bb6bfd36ab034376a8413cf312db473d8e558f753b5b72af08489e90bf0cf4a51a475b3d142b9e165c1af981076cbb49c318

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 0265ebea799547224a30db96cbdb9cf9
SHA1 3f65251cbcd456f1c3c30f5abd739c79770661d9
SHA256 f8ecf1516d90b40dae6abb1f0fa3bc5d880bdefa915c1bce4959858d1f11bc1c
SHA512 65de16f93b1d975b37e5406a522b3508bf329409453df6606a0fc4104bea2e505899a5790aa80331d15664c1bc63e55ae9dcc588293a30484fd0e43077f8b8ae

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 df54d72f6d8023406055a37382e232e9
SHA1 6e12dff91ff5d0dd279ee9b75029d399f4981ec6
SHA256 0846f3e31883cc0618a86f020c6dcc799ee2e32010d83d9f34b84b775b99bb56
SHA512 bba1c539a994aa44e4382d1dad540bfcc820259ac88859d432cdec78291befd60703ad086c581cccebcd42f75146bcde389b77fa3847b23855e56464cf367a0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 f6b5f4d176b6bf2bbede95b4d587cdb0
SHA1 5cf65ca298d696972fff657513bae76f0e3840cb
SHA256 c4cd474ef5b74c6a6dc06a3a6c658137fcbd7ece08442064087c7702e3ae1788
SHA512 f44a3822ed5ccd163a338f38b1ee00956ea6955e5e79b6e73491230e1516fc50e4bb89bf83cabbfae5b70952dbc8ef1585a71649d8c3999ace6e8358db13421e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js

MD5 cf2a9208fae61ced940eb3e9da28c418
SHA1 2069135ebba5154fa709293b3b34df76103f0a55
SHA256 bfc9e21f2ec7a1d33cfde6915c088cae798fe32556c0d9dbe601bbf043e4a43f
SHA512 b2cc2c6183408e297e5aef9c00b0cad804b2b2e653a8c95a59e11cc0337c08d312eea5cab70e479cfc6eb29ec1092bb1346ed00cee837f481ccbae60c466da9e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 62554f1e0769e8c8031a8a2443ea0b79
SHA1 24950a04a05704dbdda6b19eb44a34cc1f3494b5
SHA256 f86c418271c6dacf7231dae505ff573154cf936a22e0906823d659c81fa059dc
SHA512 800b9f6540a18e3fc3c6cd216f01199393811078b701bd70f6edd44324bc0920e60b87d7f44c6048e58849d7c700ba63610de5bc5fada4a8055d655cdd5aef9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons.png

MD5 f518f38eca4fcf4e99b09ac6340bab58
SHA1 fd876aa7b168c93513ac9bc0056b45a90076adc5
SHA256 517a051217ce42a1104beb1f2169775637dfd46d81760d97711d853191ca5a19
SHA512 37fc010bf8740fcaa5f7629a1603290e5a185a966b372bed7c14b59f5a91d4abac058491752f9dc531f04cbcf591c9790112220059bb66c69baad5ddf59e6bf0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png

MD5 8e64ccb298f3671367fe97eb1690f613
SHA1 19c6c3b671c8c208da2f334b05a021d2079f1698
SHA256 3186220718ea3fcff6cffbbe476f24ba1d1a9904f97925fd7eabf360286088eb
SHA512 5335c9b15afb1657a6d515c2e9eff4870365e3daaa6132e28b5a53ae2da7105a3e1cbd463052ea5121374179c3fb23ef30667de1b8c4bdf336dd2c9aeeb21cf5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 5747e3aac8712dea16c3dbe5a3459b4f
SHA1 29e437d29850ca565dd31954982f9f2d6a010b7d
SHA256 a63cdc57b457caf61e5e451cc674f5c3ef70c5b3163ee7d0b6b5e33bc153579c
SHA512 073879833f95c6e18e0af4093359fdb9213b193034d810d37ba0ca069b6409e0bd6543caffc5d7805d55676cee04a91dd9df6acf285e52b6dfabfd4dd7f3758c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png

MD5 797f3776d1f0215dbd9afafe362fdea9
SHA1 5c1a2b70d7038d6e9e98f8457c5f74708933ccd8
SHA256 b4561f87f494ed18e4c7286c61a1604546a3a79852c896c05589563d8a022042
SHA512 da6f840c808007cdaf349f87a96eb32ab118040f2ed158da6768bbf32c300018cb60be621ae2b2c9f91ab680ebcffcbd15c994f68f87abdeef7a7a7898dd18e2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons.png

MD5 6a6048ded7ee6df4f0d0cad4b0bfbe82
SHA1 89afd89a61443ca1f88ab8acccd4c0d6d3d200fc
SHA256 d0ba2fb2ce350231bd27b21ac0bbf96e3f6f8270924bcc0fd0845d02b5e84b4b
SHA512 e5d942399f3689bdaf8a130e0e240e6aa6a9a1a1f4bd0bb661990b209526e80e2d0d57d9e2462b93c54bbb412d260b740f56ddc82a8e3c5ff88d89fec173f246

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png

MD5 7360ba0126a679c20a82b7799ccd66ad
SHA1 5d9c4bf849c9f7063af4eef4036a6831a0abaa84
SHA256 e131dccea880805740b79c7530e82256799a4b7e3a973924d429e6f38a9d6e22
SHA512 67ad39ead28b864fa8d52a92e808ca55e9189a3216f079cf8e816ac87a37fdc17a14a6079884536b48cf48273a24937c2c4970f32819718defc5b71fcf0ad702

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js

MD5 d54f016a0f9d440283b39e65b6e5b39d
SHA1 41066cb25ed883a6f4544b28812c98f67d73cb66
SHA256 25a51addb9b24f7332d17d4aa98b1fbf87ce033dc70290dc44bb127ab155302c
SHA512 95a800967727ee763e16f9e184a5ee9d12c1a6a6188cb78fd2812f2332d494c0d956b1c1f3528919f21de6797294a097f888bc3d6e1eace0049b158e7c253f83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

MD5 f37a6f86c288d2853a207f514e9e98e6
SHA1 abfb3e992b023551df2b0e23b55f7bbf2de9a384
SHA256 1b3d85b765e0e97d440665353d869c239a71549b13fb1fe83da3584f0b4bfb11
SHA512 4460902e53d75f8b0c2ec4586211064b5b5f0703e4e7fc01a13bb23a3adf8bf04b6bbfae0a3cab8cea90c86ace36fa49c4f3b23c3c746d66e86ac5773d16b6de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css

MD5 28054698ffbeebd333f220747bd6a538
SHA1 8320d2c201cc11880a4455ecc8e4f1e454e9f4a6
SHA256 80e0b538bc5a504ac6985b950c606400f35ef0d6f8bfd98b7b207021c80d2243
SHA512 6b5f22e2b88b585b3a46584c1239c2657831b6162a799c30e0350d33a4cbc6ade3e26feb6e1502019b6033ce538bdc4dcc2da5c2c0a776e7bd25dc31a845551f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\ui-strings.js

MD5 cf72ed24745c8d156064ad94378abbe9
SHA1 520aa55788c4fbe18b9f702a389346648918aceb
SHA256 ce5dfaa3a61ef7d880016b0e6b5826b8b7218d4b6ac60718ee92d43d9067f3be
SHA512 57f57080bd290ee41d6f1151cdb8217b5caa758a42274180cc06454d014526b83f533993da651779aef42dcce666d302df3a373e132584900f600a9ed76acc36

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif

MD5 0c92d5778c91f23eca1600dd39a9ce76
SHA1 95f7dd27d4e71311d720ca7d825d7fc13eb800bc
SHA256 a359c1efee0f226856be66809f4e1e29db7c385c10110c7ab21309fda7dbca44
SHA512 c40392008fb0ce9e30b1b2d90b4f067f15aead352dcca4bf09e6c85c309b2e7a605f53bb0799424ce67a784db15cdd6582bd167a4fa5350342805fceb1ce7718

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons.png

MD5 94f696df7b8299269cd123f67dfbdbef
SHA1 710d9a48bf88f75fa578f65c36e379a26ed8982b
SHA256 2b1e909cb226d188e4449948706a10aaf9292be6084315c1e8614a909abd0414
SHA512 1f24ad4f10ab37f0d7e5a4f309b37b968fec14dec8f076704fe72808d4e983c01a0437af00d47b02a5389081900127755214104f9abe39e3527b8eebe64f1b95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 497bb715b4cd81ffe60342b20b3d76f5
SHA1 6711786aee1ad645567af7c7c8e4caec4f3bf81f
SHA256 912b8b55531c0bf211e41f2093124192e45802121d7873fc696647524fc3382f
SHA512 bc01976786576bec0b113797fd6baec7966e9437de23d3fc7cc4f2ebfaa1b10c27625e4ccd9ca0417eab80ccc4ef5e0ad8200cd27633074a9a064465cb973d57

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js

MD5 3466912455dcc83e0ddafbda3049a000
SHA1 3748fc99e3a1c65877164bdfaf8322ecdd6f70bd
SHA256 b6cd0aeced19e37403d526f0828ecdc1f3ac48eef97b0bc2d1cdb22920f7959f
SHA512 90e0774b806971f8c92b96936e1d51d6c3382dd314e18044288f387accd7f24cbdb5bb8f15491bd1efd60bfa5669221f203c69a48bfbc0b19138855f81d59ce0

memory/4768-14248-0x00007FF747F10000-0x00007FF748004000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 dff61e6b07e88c40d6bbf3b3c7e8c116
SHA1 9968e60e9abc0e0ca17d649e13827cca261c92b5
SHA256 523ea880d6bfbe12b32becc0bd381a5fd5b2388e4d355ad9b1bd645eb00fb591
SHA512 89f583f4be1261a6b23b2aa64d7e7307bb5185d1118b36e63f761f45d38797491b529c40001aa49eff51338a025eb8ba5bd8e4f14cec9b76d6b5432b6ca3703b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

MD5 a513359a96e97ab7c9fb4bef69728cb6
SHA1 751b0f1f9a2611b5990939e4a81b815acc58d661
SHA256 033e83b7e07ff3482270e3f35f4246b4ae79749d7c687b4b54d12155f273ff23
SHA512 e0ae19ea1d97d3ec291676e2ce02d13084507c0d2af50f713c16dfb51df656c3bed28ca9ab5e781fda8edefdc1336d527fd9befa930a5092046c9638ad2f2ac3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\ui-strings.js

MD5 4fc850f6fc5be0167dbcc20a3707d80b
SHA1 bcfef7db6755e0097ef0333be3e4f4a857e95dc7
SHA256 fcea2cb1545a200617e126aaf081be1ada77a9aedb9db35a4711ea4a9bce82b4
SHA512 cbbb45daf503d29f434137ad0384c4067b6fa711c0c77537b92df29d7234b9d727a2860096a8c549040737672935e1bf9867baa775735dc60bb228af8032247e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\ui-strings.js

MD5 f0e3d1268409f32e0d485349969bb817
SHA1 6d13796d29ff839eadddf3407a5ecf2fad06a445
SHA256 fd03477d9ce0fc0cd63616ad4e8c3358cfd2456c594be248f5e6b60011267428
SHA512 3de7396609d6e30cfce24e63434e6a716506f8e3713d55380bc115a300f6cc6d87ebf8e2cb169008031a1d7820e7ba064280e4e68bed599a808a086b8ca7f64c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-il\ui-strings.js

MD5 f23ae2abb501057350a3a44ff30d4082
SHA1 c3a8d479d6890ce6994d31a22834e5ffed112e28
SHA256 677029d9ab7e7f6064a1cc3d0acd7109dabb2d9bafdd8a9607df484354bdad2d
SHA512 b442a88405b48fe519d0ab95c2d5549a80a126d2ad6e0c0f31518b7357cd8baa2be07d1974bcf68559574bf64c4e95a3b44d035cefe6222dcc2b69352ecb8012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ui-strings.js

MD5 43f3bee04efb756c74636e66c1228cc7
SHA1 1337d0cc68c58aba9d49227fc620bbd81ce33dc1
SHA256 928576e4cf6f84d8059d37f784191fbbf3232270206c4d94196e2d8bbe13479f
SHA512 d6d728f430ea76d8843266d9a67937697e83b21f57e8de6d5e9a555bf827fdd10402461c65bee845a439a360f53cade40226f12f24ed71a27f86116c5d77d6f2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

MD5 23871456778e6542f0bbaf2414abe0e8
SHA1 179a0c1ff25113f6e080ac1c565cb243c10fe7e2
SHA256 50033fc096f0257764d8771542153760635d908868c87ddfe44cafb476c3ff41
SHA512 00a517b98f184ba2302512a43795b71055826acada1e656bc9ff9fde7a95912a54d060288552b3082c9d48e7b29a5f75dce69272e992b393f19ecec3931f7764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\ui-strings.js

MD5 18828144a74018c5164b9242a59b7a49
SHA1 89682ab0fc7129d33be5ce86924b8ba7ba487c23
SHA256 a884e2b21c8d2f131301fc6a7054fda6658b0326bf25ea4e696680e1d219a4f5
SHA512 48cc475be60057ee22226b8d75e638b846904ff5bf7a1e50af8fa153304b1aa3bb20a68bbf06ad98142815ea6c1917e5468655bddda278a16242ed27459beedf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js

MD5 32e105053b4384cd50285996721b1717
SHA1 8d34939be3f9931c922807f1fbc31a906fbb7046
SHA256 8b8d442915bef235ff55042f4d9655d4106662e6984f13811dd01d8550d39204
SHA512 2dd2600a752e854092094a4a3a3b27e170140afd660cf6c543b70b0fd69a2f8c8b160eb9d55b1f7bd3b72cc5b9523464a73dbfadb151f6b134e9e41da2862270

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-il\ui-strings.js

MD5 dd20bcb1681a850df25451146b1aa25e
SHA1 b4b34a833d380e7e8246b0373217e3756f5acb32
SHA256 3e7f8673427ca92e5988baa9168a83ca2efde0f0c1b5a0045c3720522a69a240
SHA512 fa56e8553103c32ae22a1ab098fc15a8c929eac9319e1a715182ba6d4e984e60ca86f66c598561fddedf7efa6bd41d3e358d8db6b048a2675d999e3039988bfe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js

MD5 149702afd2ad58b075f0a8ee9e612a5e
SHA1 853dcd984123979ea6db697a085d7cdedb701276
SHA256 f4bccf522d2e51701add72ef242ec9df2e74cbc73f9d99eeeb9b7327af44c8c4
SHA512 c2fb5ab721a64351808bafed879ae2700230cb40a08e1a5f0339768e9051dcf2df728c7f67ee2ad8b9e3359925c2b31efa8d63ee4ba4449af71c481b9f50703e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\ui-strings.js

MD5 cc041ec1a9926d2af08b7d06d552ed82
SHA1 b6af90fdd1cb682d37503fb57c2ac25ecd951cdd
SHA256 80875d38fd0b5dfaf6cb228958e239650517784203bc33d41bad3051d96a0bcc
SHA512 280dc45bec052a39571898a257521294b97ebec83c98f2336a042c441ddce7f680ae778bea9b6f2f21d4bfe2188e8be7ba69700479c41cc65089a6679711fefa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png

MD5 6aa8c009bcdf16550ddbf8662a41a710
SHA1 452afbb7964441a1b764140ca834b75ea88f4df1
SHA256 0e523d33ad7d952eb46d4c58c85bce25e0b981f3248c02a8b8254c30b2238544
SHA512 fccf9ca0c296d03cf5539f9a0b5a6409f40dee2331ac02db4415a7a6a60abd78609b437afdf8927afe3dc41a8c90a8185a5b104ca44d4802d10314dd5ae5cba8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png

MD5 df92806ccc29df5b1c1bae72af11269b
SHA1 f985d6b82715637207bcc1bb04d573e93c4ba59b
SHA256 73ac1ecce15c62babe8c5ff2051a8cd54c6a63add655b72f100b4203d3304a0b
SHA512 dc62d6decd7fe8c4e70f4fd4bb62494b15bc475101e2ccfa12ca1e907b6aa3da1607623c9adf6a3cacae2ed57b827b77ed53af050347cfc8a3d4c79dff4ad929

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png

MD5 183ecaa8a0e730b4052bdb1d277f9e4d
SHA1 de80f2e98b246cf7cab592cf46f7cf8c450803be
SHA256 ed6b88877df5b8dd0a13b68cbef86818720e7fbe51535cfc3bc85edf5e2e5219
SHA512 8b851b56a86c1e98e14f952f471f18a2b60b2f9f6768964a8e0e4ef7b09a403cdc20344358ea57f4605854917d3fa1af7ee8ff2900fdbde5c4690e9f7b024b91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\de-de\ui-strings.js.NBA

MD5 8ac695277d7949fcaa4cfb37708358ca
SHA1 8ee7f465ec6bac3887edee7bcf95a57b021ade64
SHA256 9758550095ea010ad05baaa1410d033ead17b057938debed38a7c078bb77d87d
SHA512 de0561c00361fb730750b2d2dd30811ba5129e5063dbc3ea3974d009c32240967e72adb03c6428dde1dbd82c5ec08a9c39321a0793d0d3d04d2e0b59f0f7e265

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 d6889b654e994371e4feafa7aa0e01a8
SHA1 c468a9b918b6c55ce7e2b6ad14ebf22529088fdb
SHA256 8d21c4e0857a8220972ef7a3e9918203c48578d6d0dddc771cf642adb8dc5d9f
SHA512 6f6c76ae4000469fc3e4f0ebccaa5b64ec7ab3e28e65bcb3c185870297ae2732de4d74542047aa7c34189ae9f2b582b8d5ee934b7efb8424c5257de64568999b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js.NBA

MD5 27d3db3f0a4fb62122a5af027a1ec9c2
SHA1 aa17920ab4173470b7dd29c59783e43af7e4b960
SHA256 013755b038832ccbfa776a58d630432a2e76a580ff880a998e92998bdfb9a85e
SHA512 21d44e42249ef294cc3d95b38580d60cd9799fc47ee092165a7a5f99ac74ef3aded24f6443d7e9e061d011e73a9d4087b66025f2ec9ccd249add60327572b076

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

MD5 10de13e0f049ff7023ce637e355a7853
SHA1 97b19d36b770f29dbffbd1727fb96a87329b60d8
SHA256 886a3081fdb9a3810f1022fc00c917bb9603bb30688c92a31ec567df0d33c2c3
SHA512 32a925ae5905f6be2c457b046616c56af4506fdab1a1e1595e3e317fd9a10dace92862c036d17ef19190e8fa33d434cd2996a018ed4cef7254e250b824602a0c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-gb\ui-strings.js

MD5 9fdecf720d47f1f6cb17c7f37057a69b
SHA1 03aa806b03cabcc7ee66bfc3e94da060b2d6ec18
SHA256 f3f6e4dee2ae98cc842769ce9da5c553d907db8af323c62a0f0ced01627a4ebf
SHA512 e1eed4137ac81ce985881f829346fb64b7a894911b9e0c9bde602e58ae69db1ab44fbd3f2ef9a4610060e217c5e403b662d53a80dd85aa5b742d4eed54fae698

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 b7d7d4f5d933c604125e209da7411bf5
SHA1 1c0eefbbb0155443464dcdf827e290c431bba257
SHA256 31f350960bd0e05672d6b310b1f5733c6c54f76964008d554e4512fff49d3266
SHA512 12c1b7beff8d9360b47921af646b030d3dcace794ee27cdd29552d5ca0fc9319b1a5cf463e74951f177beab64b39a33ca8da7d843f83a39c1501390a3ce6a96e

C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.NBA

MD5 3c682788b25973def4a4124ac9fac360
SHA1 0251e55b27cec6dbc67cdc777242b1ff3762b516
SHA256 333ba94ae83cbc6db499994418eef29bfba5b13755a34f44cca60162e681d63d
SHA512 fc866aa8fabe6088b23f7dcb4288d5b0e57f09eb48cc3790e5cc359a6b4ff7e772367ff905215fe4887be88b8ed74402fb99a509160bfd48b8a1b74a3ac36b57

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

MD5 500571c8f6cd3eb033c72ac3c6825ce1
SHA1 a8b7df8a952987e2648be8c45534ef3a8ae651b7
SHA256 887cf49be721d67ea64ca49bc579fe1f9f27ba0cd070d35a63dd3a8b042b18ed
SHA512 6a7bd6b3d651a734d38e59628e075fa655e18d24b00fef89220a38775fb07adab50a660fdc6897618095ba42e10e1d693af5ec0a29cb7d9db3d105403c66af3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT

MD5 ecc6899898b5c8598b3aa763e04123a9
SHA1 8670a5bf2403845b84f460157ae426bc8d2573b3
SHA256 861edba103fb2fed78a6e076f51c296f4a2a7cd3bcb75d5225944c87dfc0da14
SHA512 6f68c419cb3f22df79dc51584ec1ed244f06b1b1a88e1188ecf0244af65326954fdd7f22d446654b7ab3f502e73cb5729df0d30681076d43583e6bb9487ca3c2

memory/4768-16747-0x00007FF747F10000-0x00007FF748004000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001

MD5 6f1bca6d5bc70f3a2c8d635de41845f0
SHA1 89342f57ab0857e645faf03552eb89df080ccbab
SHA256 f5f74f4bdeaf0c4ab7283fbd4c2a52eeaebb4a7b30f58ea2a05a0e2b7c297b75
SHA512 bd80f61bddb9909986f230c12e9cd5bd11c2f9e44006a008231b6af0aaea9840c168b902bc3a6b38b9fcddae5cc083992c58a397098087f6336e13331a87b3fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 a151eb04187bcbec08d853580188507d
SHA1 75045ee22f1fa8d609dca9b694872f757093b120
SHA256 74be5139f06846e833bfb78faeef7528807ca91669fb6c37d053925333add37e
SHA512 ff3ddf67b02ed9e501c29b2049d35fae7c3d8c6089d16315e65da0dc97f53dd02f326bad33a4ed0f7c0210caced4fc9904346736ff7c0f1286f166460f285531

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

MD5 514127a9556d9479ee1c7eaf0f8c27d2
SHA1 f06777cfcc6087c1284bf65d5358602c79c9885a
SHA256 ab268ff7c339c470ca2807c20624c04d345169b33d65a083eec7a6cb8661c2d3
SHA512 23e9cf47b7de5c5ccf69dab7b79a5645ce38bf068743097daba529bd6fb3c59955b6b6e554c48b4a2e4970ccd9fc629557c38b11151cff81e30914030e7a12ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3

MD5 5edf72f46a0a247882702736d18a2bb2
SHA1 98035a13f130c32b134441d64836ce9905a29bb4
SHA256 a380e8fd25d35236d42fce4a188f8caa0f78a163e0ca90476bb5277bfbc30495
SHA512 c135e0fc6d2e33fa551111b38968f42ab05b9f9d2c330d55e3a7087bc2b3f5f048447f29d29a97b1e1b985f675511b91d34eab30a6016e663e33e494a64dc820

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

MD5 7c76e933ec4d44a4721c686f49c5c33b
SHA1 a3293c556d8e02451ba8158a608cde6399e011c2
SHA256 0c4ddedc22bece4dac7a83e9effcd696f3abca7e9cc3c5289d29f305cdca2420
SHA512 791ca57158b97e4f26b8704c5e6c443de571b00fd79cb3d5ab462074195ff694caa6b69f6a0a845e35cde6c732fe27083f61a557e66bc29d730d380d28bcb10a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

MD5 8adfa6f6d8aa2ea4312fbfbcee904e34
SHA1 63efff509d825b651e3126c20de5fdc6f8e7fc8c
SHA256 c0fd590c22390cdd93cf0e61af7729e05058c1794ab0366677410d88132ee870
SHA512 b0bb5e4a8cf98c8a26fe6bc2c7a2664b9c127ec946fd59fec6c6f1d1b7ce09e7b254fe2ef2514f4ce2163ef2442ca4654d6fedbc86ac70ad325148c28c025de5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

MD5 ee2d9790a60c7ef39ad187f9f172fc04
SHA1 10ef7c83c947bb0dadb27d3f2d16db753e83d625
SHA256 8fb23cb8263ce18af3021a809f4b25e0d9b2c4a4c3cdd1f9d7bc15bf05ba56c6
SHA512 bb4ebd97557095c8095842d56a3a53dad2583d9c9bd2870c7bba3c8cb4a0bc11a18e7ba5b33e452a608663502f975ce41303e9f6808cbd3726b1390a470cbced

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0

MD5 c4f83be08f959b9b33a210f55e9c2e7b
SHA1 b26932f7afc9c85af12b174a6cefd4678f472e33
SHA256 caae5ce576942220a7d804c4c6496fcaa64a7bb9ea1813944d3d1b2754656989
SHA512 58598755254de960426bfc77428b163b930520b254d0a0dee858a238bad1d7f5d78e6f2452955c6a178413a675b78054cc12bbb8522699b6b6c221dc9e8350ee
